The remote user will be trained to inspect the firewall logs at least weekly and report any unusual events or suspicious activity to their security officer.

Part of SRC-EPT-440 View firewall logs weekly

Associated with IA controls: ECSC-1

SV-6812r1_rule The remote user will be trained to inspect the firewall logs at least weekly and report any unusual events or suspicious activity to their security officer.

Vulnerability discussion

Log review is an important step in determining if potentially malicious activity has occurred and then can be reported.

Check content

Inspect the training or user agreement documentation. Verifiy that the users are informed of this requirement. If the user is unaware of this requirement or does not perform this task at least weekly, this is a finding.

Fix text

Develop and implement procedures to review audit data.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.